H is for Hacker

Like many hackers, David Nakamura Hulton goes by more than one name. His other one, his handle, is h1kari. Some people say you shouldn’t ask a hacker what his handle means. Handles aren’t always meant to be serious. Sometimes they’re designed to foil any journalist who assumes a handle is a window into a hacker’s soul. At the least, your inquiry indicates you’re a rube in hacker circles. But when Hulton greets me at the far end of the Starlight Ballroom one Friday evening in September, he offers both names, along with a handshake, and, unprompted, says of his handle’s homonym, hikari, “It’s a Japanese word. It means ‘divine light’ or ‘enlightenment.’ ”

The Starlight Ballroom is on the ninth floor of downtown’s Bristol Hotel. If this seems like an odd place for a weekend hacker conference to hold its opening party, maybe it isn’t any odder than a hacker conference in the first place.

The lights are low; so is the music. Attendance is sparse, maybe 75 people, but the night is young, as are most of the attendees. The atmosphere is reminiscent of a college mixer, one where the women largely haven’t showed. Young men sit or stand in clusters. At the far end of the ballroom, where I am standing with Hulton, the roof is rolled open to the sky, above what must normally be used for a dance floor. The opening line of William Gibson’s seminal cyberpunk novel, Neuromancer (1984), describes a sky “the color of television, tuned to a dead station.” The sky above the Bristol, try as I may to see it differently, is an ordinary dark navy blue.

In 1999, Hulton and a friend co-organized this annual event, called ToorCon. Hackers gather at “cons” in many other parts of the country, but the one in San Diego is their only venue on the West Coast. def con, which is held in Las Vegas every August, is more of a convention than conference — “the largest hacker convention on the planet,” says its website, www.DEFCON.org. Ten years ago, def con’s originators named it in mock homage to the military term “DEFense CONdition.” It was popularized by the movie War Games (1983), in which a teenage hacker played by Matthew Broderick accidentally hacks into the North American Aerospace Defense Command and nearly starts a nuclear war. Movie viewers watch the situation proceed from def con5 (“normal peacetime readiness”) to def con1 (“maximum force readiness”) before the hacker’s mistake is discovered. The hackers I’ve met consider laughable most Hollywood depictions of their activities. War Games is one tolerable exception, which they credit for managing to portray accurately at least some technical aspects of hacking. As for def con the convention, they consider it a must-do, no matter how many regional cons they attend. Last summer, at def con, attendance was over 6000. But popularity has its drawbacks. By all accounts, what began as a weekend of good technical talks for the computer underground has devolved into a bacchanalia attracting too many hangers-on and hacker wannabes.

ToorCon, meanwhile, has acquired a reputation of its own. It’s considered to be a con for the serious-minded hacker, a place to learn, exchange information, and party a little, but not on the grand scale of def con. “We’ve heard that ToorCon is the pg version of def con,” a La Jolla father of a 13-year-old boy told me. The two would attend ToorCon 2002 together. The boy, who wore his blond hair in choirboy bangs and had braces on his teeth, reluctantly revealed his handle: “Qwertykey.” Proud father patted son’s shoulder: “He’s my budding geek.”

When I first spoke to Hulton, he didn’t mention his h1kari persona and didn’t exactly say he was a hacker. This was on the phone three years ago, when he was looking to get publicity for ToorCon 2000. His press release said it was a “computer security expo.” There would be booths and speakers as at any trade show, Hulton said. (True, some speakers had strange nicknames, like “Simple Nomad” and “palante,” but I still didn’t get it.) Hulton himself did “a lot of computer-security consulting in the San Diego area.” He and the same friend who had started the conference with him ran a computer-security business, Nightfall Security Solutions. It sounded like a good name for a burglar-alarm company.

I asked Hulton during that initial conversation what “ToorCon” meant. “ ‘Toor’ is ‘root’ spelled backwards,” he said. “And ‘root’ means ‘full administrative privileges on the system,’ so if you gain root, you have full access.” Root is the goal for those who compete as intruders in RootWars, a computer game co-invented by Hulton that people play at the conference. (At def con, there is a similar game, Capture the Flag.) Other RootWars players, called servers, run the systems the intruders attempt to invade. A third group plays as investigators. They watch the networks, run their intrusion detectors, and hope to catch the highest number of intrusion attempts.

As we talked that day, about how some people break into machines and others try to thwart them — in the real world, not just while playing RootWars — I realized the truth. Is it correct to say that the anti-hackers are themselves hackers? I asked. To catch a thief, as the saying goes?

“How people usually put it is, you know, like the locksmith?” Hulton said. “The locksmith knows everything about how locks work, but there’s this code of ethics, where you don’t use your knowledge to break into anybody’s house. Some people out there think that all hackers are bad,” he acknowledged. “They think hackers just break into things and divert funds into their own bank accounts. And there are people who do malicious stuff and who call themselves hackers. But actually hackers are people who write the programs and do the testing that can help secure everybody’s systems.”

Maybe there should be two different words, I suggested, one for the bad guys and one for the rest?